What Is A "Payment Service"?

I'm often approached by senior managers in businesses who've been asked this question - usually by their credit card acquirer, a financial regulator or a potential customer doing its due diligence. There's often no simple answer, but I've explained the main issues below. Please get in touch if you would like to discuss any of them.

Which types of businesses need to think about this?

This question tends to arises where your business:

• receives cash from one set of customers and makes payments to other customers. Examples range from e-commerce marketplaces, to law firms, to fully regulated payment service providers (including banks, e-money institutions and payment institutions);

• issues vouchers or other forms of value that can be exchanged for goods or services, either from the same business or some other participating retailers or suppliers;

• enables customers to send transaction data to their card acquirer, initiate a payment from their bank account or share bank statements or other financial information with third parties.

Depending on the circumstances any of these activities could mean that you are either:

• offering an "e-money" service and/or a "payment service", in which case you would and need some form of regulatory authorisation or registration; or

• your activities might be outside the scope of regulation, or in scope but specifically excluded from some or all of the authorisation or registration requirements.

How are payment services regulated?

Activities involving e-money and payments are mainly regulated throughout the EEA under national regulations that implement the second Electronic Money Directive (EMD) and the second EU Payment Services Directive (PSD).

These two directives are 'maximum harmonisation' directives, which means each EEA member state is supposed to apply them the same way (subject to a few permitted options). However, the interpretation by one country’s regulator that a service is either out of scope of the EMD and PSD, or in scope but expressly excluded, cannot be ‘passported’ to other EEA countries. So it is prudent to check the interpretation with local counsel in each significant EEA market in which you intend to operate.

If your activities are in scope, and not excluded, then you would need to be authorised as an E-money Institution (EMI) or payment institution (PI), or registered as small EMI or PI or as the agent of an EMI or PI. If you offer 'account information services' then you only need a registration; and some types of exclusion also require you to register with the local regulator.

A fully authorised firm may “passport” its services into other EEA countries (or rely on its principal’s passports if it is a registered agent).  Because of Brexit, however, UK-based institutions would need to set up an entity based in one of the remaining EU27 countries, or an EEA member state, from which to passport services around the EEA; and EEA-based firms can either register for a temporary permission (by 30 January 2020) or set up a UK subsidiary and apply for the relevant authorisation or registration locally.

What is a payment service?

Unless you enable the collection and withdrawal of physical cash, the “payment services” you are most likely to be concerned with involve:

• the 'execution' (processing etc) of payment transactions involving card-based payments, bank/credit transfers, direct debits, either with or without credit;

• money remittance: where funds are received from a payer, without any payment accounts being created in the name of the payer or the payee, for the sole purpose of transferring a corresponding amount to a payee or to another payment service provider acting on behalf of the payee, and/or where such funds are received on behalf of and made available to the payee;

• issuing payment instruments: contracting to provide a payer with a payment instrument to initiate and process the payer’s payment transactions (a payment instrument is any personalised device(s) and/or set of procedures agreed between the user and the service provider that is used to initiate a payment order);

• aquiring payment transactions: contracting with a payee to accept and process payment transactions, which results in a transfer of funds to the payee (e.g. debit/credit card acquiring or 'merchant acquiring');

• payment initiation services: a service to initiate a payment order at the request of the user with respect to a payment account held at another payment service provider; or

• account information services: an online service to provide consolidated information on one or more payment accounts held by the user with on or more other payment service provider(s).

There are many related definitions, but the central one to understand is that a "payment transaction" means "an act initiated by the payer or payee, or on behalf of the payer, of placing, transferring or withdrawing funds [i.e. money, including "e-money"], irrespective of any underlying obligations between the payer and payee." This definition can involve some degree of legal fiction, such as when applied to card acquiring, which actually involves multiple payment transactions.

What is e-money?

The term “electronic money” or "e-money" means monetary value that is:

• electronically stored; 
• represented by a claim on the electronic money issuer, 
• issued on receipt of funds, 
• for the purpose of making “payment transactions”; 
• accepted by a person other than the electronic money issuer; and 
• not a “limited network” service.

"Limited networks" are services based on specific payment instruments that can be used only in a limited way and meet any one or more of the following conditions:

• allow the holder to acquire goods or services only in the issuer's premises;

• are issued by a professional issuer and allow the holder to acquire goods or services only within a limited network of service providers which have direct commercial agreements with the issuer;

• may be used only to acquire a very limited range of goods or services; or

• are valid only in a single EEA State, are provided at the request of an undertaking or a public sector entity, and are regulated by a national or regional public authority for specific social or tax purposes to acquire specific goods or services from suppliers which have a commercial agreement with the issuer.

The exclusion for limited networks also applies to payment services generally. This can include loyalty schemes, fuel card schemes and so on. Some regulators may consider gift cards as falling within this exclusion, while others may not see them as within scope of the PSD at all.

Is the service offered by way of business?

This is where a lot of uncertainty can arise because, in some countries (like the UK), the regulator is only concerned about payments activity that is operated or offered as a business separately or distinctly from any other activity. In other countries, however, this may not be a factor that the regulator considers to be very important, if at all.

So it's worth considering that if you are receiving money and paying it out or holding it on a customer's behalf only as a small part of a much wider service - like, say, a law firm - then it is possible that the local regulator might not consider your payments-related activity to be a "payment service" in its own right (but of course other laws and/or professional rules may apply to those scenarios anyway).

It is also worth exploring any opportunities to re-position or integrate the payments activity so that it is not offered by way of business in its own right.

Even if your activity is in scope, could an exclusion apply?

Some activities that initially meet the test of being a "payment service" might actually benefit from a specific exclusion under the EMD or PSD.  There is quite a long list of possible exclusions. Some reflect day-to-day activies, like paying another person directly, paying by paper cheque etc., or physically transporting cash. Others are quite specialised and/or involve a lot of explanation and the possibility for regulators to interpret them differently, as with the scope of the EMD or PSD.  Exclusions that are likely to involve considerable legal analysis are:

• the commercial agent's exclusion: covers payment transactions from the payer to the payee through a commercial agent authorised via an agreement to negotiate or conclude the sale or purchase of goods or services on behalf of only the payer or only the payee;

• the technical service providers exclusion: covers services which support the provision of payment services, without the service provider entering into possession of the funds to be transferred - like 'payment gateway' services or anti-fraud services, for example. These services include processing and storage of data, trust and privacy protection services, data and entity authentication, information technology (IT) and communication network provision, provision and maintenance of terminals and devices used for payment services, but exclude payment initiation services and account information services;

• the limited network exclusion, which I've already mentioned above in relation to e-money.

Conclusion:
Again, there is often no simple answer as to whether your activities constitute a regulated e-money or payment service, but I've explained the main issues above. Please get in touch if you would like to discuss any of them.

FCA Launches PSD2 Navigator

The Financial Conduct Authority has always led its EU counterparts in explaining its approach to regulating payment services, and continues to do so in spite of Brexit. 

The FCA had already published its "Approach" document for the new Payment Services Regulations 2017 (incorporating its approach to supervising the Electronic Money Regulations 2011) and has now launched a higher level web page to help navigate the impact and benefits of the new regulations.

This will be of most help to firms offering the new "account information services" and "payment initiation services", as well as retailers operating loyalty programmes that transact over €1 million in any 12 month period starting from 13 January 2018 and various other exclusions.

It is important to consider at the outset, however, whether your firm is offering payment services as a regular occupation or business.

#PSD2: The FCA Clarifies The "Business Test"

In deciding whether or not a firm's activities are caught by the new Payment Services Directive (PSD2) as implemented in the UK by new Payment Services Regulations, one needs to first consider whether the activities are conducted by way of business. This is a question of fact and degree that can be difficult to answer. In the consultation on its approach to supervising the new regulations, the Financial Conduct Authority has helpfully done a lot more than it has in other areas to clarify when it considers that a payment activity will constitute 'a regular occupation or business' in itself, as opposed to being merely part of another type of business.

FCA's current guidance on the Payment Services Regulations 2009 states (at PERG 15.2, Q.9):

“…Simply because you provide payment services as part of your business does not mean that you require authorisation or registration. You have to be providing payment services, themselves, as a regular occupation or business to fall within the scope of the regulations. Accordingly, we would not generally expect solicitors or broker dealers, for example, to be providing payment services for the purpose of the regulations merely through operating their client accounts in connection with their main professional activities.”

The FCA has revised Question 9 as part of its proposed draft changes to the Perimeter Guidance to read as follows:

"Q9. If we provide payment services to our clients, will we always require authorisation or registration under the regulations?

Not necessarily; you will only be providing payment services, for the purpose of the regulations, when you carry on one or more of the activities in PERG 15 Annex 2:

• as a regular occupation or business activity; and

• these are not excluded or exempt activities.

Simply because you provide payment services as part of your business does not mean that you require authorisation or registration. You have to be providing payment services, themselves, as a regular occupation or business to fall within the scope of the regulations (see definition of "payment services" in regulation 2(1)). In our view this means that the services must be provided as a regular occupation or business activity in their own right and not merely as ancillary to another business activity. Accordingly, we would not generally expect the following to be providing payment services as a regular occupation or business activity:

• solicitors or broker dealers, merely through operating their client accounts in connection with their main professional activities;

• letting agents, handling tenants’ deposits or rent payments in connection with the letting of a property by them;

• debt management companies, receiving funds from and making repayments for a customer as part of a debt management plan being administered for that customer; and

• operators of loan or investment based crowd funding platforms transferring funds between participants as part of that activity.

The fact that a service is provided as part of a package with other services does not, however, necessarily make it ancillary to those services – the question is whether that service is, on the facts, itself carried on as a regular occupation or business activity."

Simlarly, in Question 38, the FCA proposes to state:

"Q38. We are an investment firm providing investment services to our clients - are payment transactions relating to these services caught by the regulations?

Generally, no. Where payment transactions only arise in connection with your the main activity of providing investment services, in our view it is unlikely that you will be providing payment services by way of business. In those limited cases where you are, the PSRs 2017 do not apply to securities assets servicing, including dividends, income or other distributions and redemption or sale (see PERG 15 Annex 3, paragraph (i))."

In relation to e-commerce marketplaces, the FCA proposes to add the following question to its Perimeter Guidance:

"Q33A. We are an e-commerce platform that collects payments from buyers of goods and services and then remits the funds to the merchants who sell goods and services through us – do the regulations apply to us?

The platform should consider whether they fall within the exclusion at PERG 15 Annex 3, paragraph (b). The PSRs 2017 do not apply to payment transactions from the payer to the payee through a commercial agent authorised via an agreement to negotiate or conclude the sale or purchase of goods or services on behalf of either the payer or the payee but not both the payer and the payee.

Recital 11 of PSD2 makes clear that some e-commerce platforms are intended to be within the scope of regulation. An example of where a platform will be acting for both the payer and the payee would be where the platform allows a payer to transfer funds into an account that it controls or manages, but this does not constitute settlement of the payer’s debt to the payee, and then the platform transfers corresponding amounts to the payee, pursuant to an agreement with the payee.

The platform should also consider whether they are offering payment services as a regular occupation or business activity (see Q9). Depending on your business model, the payment service may be ancillary to another business activity, or may be a business activity in its own right. Where the payment service is carried on as a regular occupation or business activity, and none of the exclusions apply, the platform will need to be authorised or registered."

The FCA also proposes to add Question 34A relating to "online fundraising platforms":

"Q34A. We are an online fundraising platform which collects donations in the form of electronic payments and transmits funds electronically to the causes and charities that have an agreement with us - do any of the exclusions apply to us?

Persons collecting cash on behalf of a charity and then transferring the cash to the charity electronically do not fall within the exclusion in PERG 15 Annex 3, paragraph (d), unless they themselves are carrying this out non-professionally and as part of a not-for-profit or charitable activity. For example, a group of volunteers that organises regular fundraising events to collect money for charities would fall within this exclusion. On the other hand, an online fundraising platform that derives an income stream from charging charities a percentage of the money raised for them is unlikely to fall within this exclusion.

Nor will an online fundraising platform accepting donations and then transmitting them to the intended recipient be able to take advantage of the exclusion in paragraph (b), as they are not a commercial agent authorised via an agreement to negotiate or conclude the sale or purchase of goods or services on behalf of either the payer or the payee but not both the payer and the payee.

Online fundraising platforms should also consider the guidance in Q33A."

There may be some confusion over whether a platform is an "online fundraising platform" covered by Questions 33A and 34A, as opposed to a 'donation/reward based crowdfunding platform' which I would suggest should be treated consistently with loan/investment based crowdfunding platforms under Question 9 above.

Consultations On Supervision Of New Payment Services Regs Under #PSD2

The FCA is consulting on its approach to supervising the new regulations that will implement PSD2. It's a huge job, and delays to the release of the draft regulations has left little time to prepare for the regulations to take effect from 13 January 2018. Responses to the FCA consultation are due by 8 June 2017, and can be provided online. 

The consultation is explained in the first 60 pages of the main policy document, and the detailed changes to the FCA Handbook is in the Annexes (another 217 pages worth!), including important updates to the 'perimeter guidance' on activities that are in scope, out of scope or excluded (Annex K from page 223 of the PDF version).

The FCA has also helpfully published a mark-up showing changes to its Approach Document that explains how it regulates the current PSD. The regulations are still in draft, so the FCA's guidance may also change if the regulations do; and there are certain 'regulatory technical standards' being developed that could also produce changes over time.

Meanwhile, the Payment Services Regulator has also issued its guidance on how the draft regulations impact its supervision of payment systems.

Unfortunately, the UK's view of PSD2 may not be consistent with other member states, and further divergence could occur after Brexit. The main consequences of this are explained in my answer to Question 1 of the Treasury consultation.

I will likely publish my general observations on the FCA's proposed changes in the coming weeks, where possible. 

In the meantime, my general response to the Treasury consultation on the draft Payment Services Regulations is here; and I've also previously posted on the following general issues under PSD2:

• Loyalty schemes with volumes over €1m (or GBP equivalent) must register with FCA, which must decide if they are a ‘limited network’; 
• Are Merchant Checkouts ‘Payment Instruments’? – may impact how checkout processes are structured/hosted and who by; 
• What is a ‘Payment Initiation Service’? – could affect merchants and various ‘technical service providers’ who support payment processes but don’t handle funds; 
• What is an ‘Account Information Service’? – new issue for accountants, personal data aggregators, cloud storage providers etc. who handle payment account data; 
• Are ‘bill payment services’ in or out of scope of new UK payments regs? 
• Post-Brexit outlook for passporting – if you need to get authorised to offer services across EU/UK, where do you do it?